bug#6953: 24.0.50; serious security bug in create backup files
From: Mark Diekhans
Subject: bug#6953: 24.0.50; serious security bug in create backup files
Date: Thu, 2 Sep 2010 09:33:36 -0700
Ah, this is because copy-file (in fileio.c) does

    fchmod (ofd, st.st_mode & 07777);

It seems like copy-file needs an option to disable this.
The behavior of backup-buffer-copy where it keeps the existing
file would also be a hole.
mark <sigh>
Glenn Morris <rgm@gnu.org> writes:
> markd@soe.ucsc.edu wrote:
>
> > Oh, wait, it doesn't look like there is a problem with your patch,
> > only the comment ;-) backup-buffer-copy says:
> >
> > ;; Create temp files with strict access rights. It's easy to
> > ;; loosen them later, whereas it's impossible to close the
> > ;; time-window of loose permissions otherwise.
>
> I don't know what this comment means. There are no "temp files" AFAICS
> (unless copy-file creates some internally). I think this comment may
> be a leftover from when this code used write-region rather than
> copy-file. Indeed the whole mode-changing bit may be as well. C-h f
> copy-file says: "This function always sets the file modes of the
> output file to match the input file."
>
> Eg:
>
> touch ~/1
> chmod 644 ~/1
> (set-default-file-modes ?\700)
> (copy-file "~/1" "~/2" t t t)
> ls -l ~/2 # -> world readable
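
An added C illustration (not code from this thread or from Emacs's fileio.c) of the option suggested above: the copy is created 0600 and exclusively, and receives the source's mode bits only when the caller asks for them. The names `copy_with_mode_option` and `demo_backup_mode` and the /tmp file names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Copy src to dst. dst is created 0600 with O_EXCL so an existing file is
   never reused; the source's mode is applied only if preserve_mode is set.
   Returns dst's final mode bits, or -1 on error. */
int copy_with_mode_option(const char *src, const char *dst, int preserve_mode)
{
    struct stat st;
    char buf[4096];
    ssize_t n = 0;
    int ifd = open(src, O_RDONLY);
    if (ifd < 0) return -1;
    if (fstat(ifd, &st) < 0) { close(ifd); return -1; }
    unlink(dst);                      /* drop any old copy and its modes */
    int ofd = open(dst, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (ofd < 0) { close(ifd); return -1; }
    while ((n = read(ifd, buf, sizeof buf)) > 0)
        if (write(ofd, buf, (size_t)n) != n) { n = -1; break; }
    if (n == 0 && preserve_mode)
        n = fchmod(ofd, st.st_mode & 07777);  /* the call quoted above */
    if (n == 0 && fstat(ofd, &st) < 0) n = -1; /* st now describes dst */
    close(ifd);
    if (close(ofd) < 0) n = -1;
    if (n < 0) unlink(dst);
    return n < 0 ? -1 : (int)(st.st_mode & 07777);
}

/* Constructed scenario: a 0644 source file copied to "<src>~". */
int demo_backup_mode(int preserve_mode)
{
    char src[] = "/tmp/bk_srcXXXXXX", dst[sizeof src + 1];
    int fd = mkstemp(src);            /* mkstemp creates the file 0600 */
    if (fd < 0) return -1;
    if (write(fd, "secret\n", 7) != 7 || fchmod(fd, 0644) < 0) { close(fd); unlink(src); return -1; }
    close(fd);
    snprintf(dst, sizeof dst, "%s~", src);
    int mode = copy_with_mode_option(src, dst, preserve_mode);
    unlink(src); unlink(dst);
    return mode;
}

int main(void) {
    printf("preserved: %o  not preserved: %o\n", (unsigned)demo_backup_mode(1), (unsigned)demo_backup_mode(0));
    return 0;
}
```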